Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove dependency patch resolution #267

Merged
merged 1 commit into from
Apr 10, 2019
Merged

Remove dependency patch resolution #267

merged 1 commit into from
Apr 10, 2019

Conversation

cweagans
Copy link
Owner

@cweagans cweagans commented Apr 9, 2019
edited
Loading

This is something that I've wanted to do for a while, but we haven't had the infrastructure to let people add it on to the plugin if they really need this functionality. I was hesitant to add it in the first place, because allowing some arbitrary package to patch another has some security risks associated with it (imagine some contrib module just nuking the entire filter module in drupal/core).

Since PatchResolvers are now Composer Capabilities, this plugin can be extended by another plugin. I'm happy to help someone build out their own plugin to provide this functionality if there's strong enough interest. There is also some movement toward making patch application a Capability, so a third party plugin will be able to handle transforming the path to the patch file appropriately (to address issues like #39).

From a maintenance burden standpoint, this functionality has probably been one of the more difficult parts of the plugin. Aside from the security risks, it's been pretty error prone, and there are a ton of instances where multiple modules require the same patch (which causes problems - can't apply the same patch twice, the internal data structure doesn't really tolerate duplicate patches that well, etc).

@cweagans cweagans force-pushed the remove-dependency-patch-resolution branch from 46a9089 to c32d533 Compare April 9, 2019 23:35
Repository owner deleted a comment from coveralls Apr 9, 2019
ElijahLynn
ElijahLynn reviewed Apr 9, 2019
View reviewed changes
tests/_support/_generated/UnitTesterActions.php
@@ -540,9 +565,45 @@ public function fail($message) {
*
* @param $exception string or \Exception
* @param $callback
*
* @deprecated Use expectThrowable instead
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this valid?

Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it's generated code from codeception.

@ElijahLynn
Copy link
Contributor

👍

@cweagans cweagans merged commit 4ebb103 into master Apr 10, 2019
@cweagans cweagans deleted the remove-dependency-patch-resolution branch April 10, 2019 02:47
@iamweird iamweird mentioned this pull request Jun 17, 2020
Closed
@cweagans cweagans mentioned this pull request Jul 23, 2020
Closed
@AndreasA
Copy link

@cweagans Any news when this will be released with an official version because I think it is rather important 😄

@xurizaemon
Copy link

xurizaemon commented Apr 1, 2022
edited
Loading

@AndreasA I had to look twice to realise that this PR removes support for resolving the path to patches in dependencies. From what I believe I see in current composer:

  • Patches mentioned in dependences will be applied (if enable-patching is set true), if you reference patches by network URLs (relative paths don't apply)
  • Patches mentioned in dependencies won't have their paths resolved, so they will be looked for relative to the project root not the dependency root.
  • An external patch file reference also will be looked for relative to the project root, not the dependency root.

The change in this PR (merged April 2019) would have been released in 1.6.6 (May 2019) actually not clear about that, #322 (comment) says that resolving relative patches was still in as of April 2020. And now I wonder if I've read your comment backwards ...

@AndreasA
Copy link

AndreasA commented Apr 1, 2022

@xurizaemon from what I can see the commit was merged forever ago but not yet included in a released version of the package which is weird. Personally, I think it makes more sense to specify all patches in the root only, to avoid weird side-effects and confusion.

@AndreasA
Copy link

AndreasA commented Apr 1, 2022

@xurizaemon I have now checked the code for v1.x and according to this code line https://github.com/cweagans/composer-patches/blob/1.7.2/src/Patches.php#L436
the dependency patching is always enabled as soon as the root composer.json uses patches.
At least prior to this change which is part of 2.x and still not released.

@cweagans
Copy link
Owner Author

cweagans commented Apr 1, 2022

This pr only affects the 2.x release, which has no specific release date nor timeline. This will not be added to 1.x.

stucki added a commit to stucki/composer-patches that referenced this pull request Apr 12, 2022
@stucki
Revert "Merge pull request cweagans#267 from cweagans/remove-dependen…
b7fbdea 
…cy-patch-resolution"

This reverts commit 4ebb103, reversing
changes made to fc8a477.
@cweagans cweagans mentioned this pull request Feb 8, 2023
Closed
@podarok podarok mentioned this pull request Jul 4, 2023
Open
This was referenced Oct 25, 2024
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ElijahLynn ElijahLynn ElijahLynn left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@cweagans @ElijahLynn @AndreasA @xurizaemon